Question

Case 3: Monitoring Activities: Employee Reimbursements In May 2007, a local chemical plant had an unfortunate accident. Chemicals leaked from a plant holding tank and seeped onto the parking lot. A number of employee vehicles were damaged and required repainting. The company agreed to reimburse employees for the cost of these repairs. Employees were instructed to submit their bills for the repairs to the Controller, Rob Trout. Rob would then issue a check to the employee for the amount of the bill. While the Internal Auditor Director questioned the Audit Committee about the monitoring of the reimbursements during a meeting a month after the accident, the Committee determined that procedures in place were adequate. Nine months later, at a full board meeting, someone made a remark about the fact that bills were still being turned in for reimbursement. By this time, the total of the damages reim- bursed to employees had reached nearly $150,000. After making inquiries, it was discovered that some of the “repairs” were for expensive paint jobs, upgrades, buffing, body repairs, and waxing. Further investigation revealed that thousands of dollars were reimbursed for paint jobs on cars that were damaged prior to the industrial accident. Moreover, some employees had turned in bills for similar jobs just a few months apart—in other words, some cars were reimbursed for the same repair twice. Although this appeared suspicious, no one caught it until the internal auditors came in one year after the accident (in response to the board’s inquiry) and reviewed the invoices and compared them with the employee list and cars repainted. Questions

1. What steps should have been taken by the company to prevent this fraudulent activity from occurring?

2. How could information already in the accounting system have been used to minimize the opportunity for fraud?

Answer 1

(1): The company should have put in place comprehensive internal control measures and these measures would have prevented this fraudulent activity from occurring. It should be noted that Internal control is a process which helps an organization achieve its objectives toward operational efficiency and effectiveness. Internal control helps in risk mitigation by detecting and preventing fraud.

The components of the internal control process are: (1) The control Environment (2) Risk Assessment (3) Control activities (4) Information and Communication and (5) Monitoring.

The control environment refers to the policies and practices as put in place by the top management of a company. The control environment consists of organizational structure, management’s philosophy, HR policies etc. Risk assessment involves identification and analysis of risks. Control activities refer to the policies and procedures that management has established to meet its objectives regarding financial reporting. Information and communication refer to the activities used to record and process an organization’s transactions. Monitoring is the last component of the internal control system. This involves periodic assessment of the quality of internal control process. If the quality is found to be lagging then modifications will have to be made in the internal control systems.

Having a proper, comprehensive and robust internal control system in place would have led to red flagging of incidents like reimbursing the cars twice for the same repair, reimbursing for damages that were there before the incident etc.

(2): The information that was already there in the accounting system could have been used to minimize the opportunity for fraud. All new bills should have been compared to previous bills submitted by an employee and this would have helped the company’s accounting department to identify instances in which employees were claiming reimbursements for the same repair multiple times. The information that was already there in the accounting system could have also been used to see the older bills of employees i.e. bills (if any) that they had submitted before the incident. Comparing the older bills to the bills submitted after the incident would also have helped the accounting team to identify fraud bills and fraud claims and this would have been red flagged there and then.